WhatsApp has regularly been regarded as one of the most secure messaging apps, thanks to the end-to-end encryption service offering on its chats. Now, however, the Narcotics Control Bureau’s (NCB) drug investigation into the Bollywood film industry has raised a narrative that was unlikely to be related in any way to the actor’s disappearance. Sushant Singh Rajput: online privacy. Given the NCB’s success in recovering old and deleted messages that were apparently also end-to-end encrypted, this has raised questions about how secure WhatsApp conversations really are and what privacy risks it actually has, even after WhatsApp’s encryption promise.
Forensic traces of deleted messages
While WhatsApp gives you the option to delete a message forever, it happens that the messages in question are, in fact, not completely deleted forever from everywhere. WhatsApp reportedly keeps a log of your conversations locally on your device, which works as a “forensic trace” to record data, according to cybersecurity service provider McAfee. It is this log that is regularly used by many third-party applications, giving you a way to view messages that have been deleted.
It is this registry that is reportedly not encrypted, and this represents a security flaw that can be exploited by malicious spyware tools. Last year, the Israeli cyber espionage tool ‘Pegasus’ wreaked havoc by accessing people’s phones, violating privacy and tracking all WhatsApp conversations. One of the factors that allowed Pegasus to enforce such a breach is the fact that WhatsApp’s end-to-end encryption works between the moment a message is sent and the moment it is received. This prevents your conversations from being intercepted in transit; in other words, your chats cannot be intercepted. However, once the source devices are corrupted, there is a strong chance that your message will be read.
Around the world, numerous investigative agencies and legal bodies have been known to use undisclosed tactics. In the wrong hands, this can be catastrophic for user privacy. It is also important to note that no messaging service, even the venerable Signal, would be completely impossible to hack. In the case of WhatsApp, its enormous popularity makes it an even bigger target for spyware tools.
What you can do
As a user, the best you can do is implement a general cyber hygiene protocol. Do not click on any unknown links, which you are not sure about. Even if you receive a random link from a known contact, first try to check why the link was sent to you. This is the first step in ensuring that you don’t accidentally download malicious tools like spyware on your phone.
You can also enable security notifications on your phone. This is a WhatsApp feature that you can activate by accessing the Security tab under ‘Account’ in Settings. Using this allows you to verify that your conversation with your contact is encrypted, and you will also be notified in the event that the linked number or the contact’s device changes. This can basically allow you to proactively find out if your contact’s WhatsApp account may have been compromised.
You must also activate two-factor authentication, which will ask you for an additional verification code when your WhatsApp account is set up. Also, add biometric authentication to restrict direct access to your messages by third-party applications. Beyond this, set your profile as a private account and, as a general good practice, avoid sharing any information that may later compromise you.
What does WhatsApp say
In a statement issued by a WhatsApp spokesperson, the company said of the recent private discussion, “WhatsApp protects your messages with end-to-end encryption so that only you and the person you are communicating with can read what is being sent, and no one in between can access it, not even WhatsApp. It is important to remember that people sign up for WhatsApp using only a phone number and WhatsApp does not have access to the content of your message.
WhatsApp follows the guidance provided by the manufacturers of operating systems for storage on the device and we encourage people to take advantage of all the security features that operating systems provide, such as strong passwords or biometric identifications to prevent third parties from accessing content stored on the device “.
.
